Blockchain Might Not Be as Secure as Some Thought

Blockchain has the potential to transform the world we currently live in. Experts insist the technology is “bigger than the internet,” however we might need to take a beat before we put everything from our cash, financial data to our health records on blockchains. Based on a new study titled ‘Finding The Greedy, Prodigal, and Suicidal Contracts at Scale,’ the technology is not nearly really as secure as most ‘experts’ initially thought.

Back in 2009, Bitcoin set the blockchain revolution in motion giving any two parties, wherever, an option to quickly and securely transfer money.

Some newer blockchains, most notably Ethereum, take the utility of Bitcoin to the next level by incorporating smart contracts, which automate the process. The term “smart contract” comes from the digital currency pioneer Nick Szabo, who coined it more than 20 years ago (and who might or might not be the famed Satoshi Nakamoto).

For instance, say you wish to purchase 10 ether tokens, however only if the price drops under $500 per token. Smart contracts are set up to execute particular actions after they encounter a specific state of affairs, so you might set one deal to buy 100 ether tokens when the price drops.

That is not all they can do: while smart contracts could be as simple as the above, they can also be way more sophisticated. You could additionally set up a smart contract to purchase ether if the price hits under $500 per token, you’ve got an account balance above $50,000, it’s a Sunday, and the temperature is greater than it was yesterday! It can be as simple or as complex as the parties can agree on.

Not only are they essential for financial industries, but smart contracts are also important for industries outside of finance that need to reap the benefits of the blockchain technology. For instance, if healthcare systems wished to put medical data on a blockchain, it could use smart contracts to make sure only relevant medical professionals are granted access to them.

While all of it sounds very good in concept, there is some bad news: a research group of computing experts from the National University of Singapore (NUS) and University College London (UCL) published research that details a shocking number of security flaws in smart ethereum contracts.

The research group analyzed roughly a million smart contracts using a custom-built instrument known as MAIAN. The group was in search of contract attacks that could be manipulated to lock funds indefinitely, leak funds randomly, or just kill the contracts.

Their evaluation tool flagged about 34,000 contracts. It even discovered the flaw in the wallet service Parity’s blockchain app that rendered $169 million worth of ether tokens inaccessible to owners back in November 2017. The researchers then manually analyzed 3,759 contracts and found out that they could exploit vulnerabilities in 3,686 of them.

The head of the research team, Sergey compares the crew’s work to interacting with a vending machine as if the researchers randomly pushed buttons and recorded the situations that made the machine act in unintended ways. “I believe that a lot of vulnerabilities are still to be found and formally specified,” Sergey says.

Figuring out that roughly 3.4 % of smart contracts might be susceptible to attackers is enormous. Sure, the centralized technologies we currently use to handle our funds and other essential data aren’t ironclad. Nevertheless, if we’re going to undergo all the trouble of transitioning to a blockchain-supported digital economic system, constructing a better system for record keeping isn’t sufficient enough.

We must strive to construct the best system. Utilizing instruments like MAIAN to reveal current weaknesses is an excellent place to begin.

POPULAR CATEGORY

GadgTecs in your premier science and technology news blog and service provider. We'll provide you with the latest happenings in the tech world, inventions, innovations and advancements. We also provide technology and IT related services such as gadget reviews, web designing, SEO, hosting, VPS/server management, CMS, logos, intro videos and more.